Date: Fri, 11 Feb 2011 20:39:41 GMT
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: secteam@FreeBSD.org
Subject: ports/154696: [maintainer] databases/phpmyadmin211 -- security update to 2.11.11.3
Message-ID: <201102112039.p1BKdfAV091097@lucid-nonsense.infracaninophile.co.uk>
Resent-Message-ID: <201102112040.p1BKe4I5026120@freefall.freebsd.org>
>Number: 154696
>Category: ports
>Synopsis: [maintainer] databases/phpmyadmin211 -- security update to 2.11.11.3
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri Feb 11 20:40:04 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Matthew Seaman
>Release: FreeBSD 8.2-PRERELEASE amd64
>Organization: Infracaninophile
>Environment:
System: FreeBSD lucid-nonsense.infracaninophile.co.uk 8.2-PRERELEASE FreeBSD 8.2-PRERELEASE #35 r217746M: Sun Jan 23 12:18:14 GMT 2011 root@lucid-nonsense.infracaninophile.co.uk:/usr/obj/usr/src/sys/LUCID-NONSENSE amd64
>Description:
Security update to 2.11.11.3:

Security advisory: http://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php

Summary
SQL query could be executed under another user.

Description
It was possible to create a bookmark which would be executed unintentionally by other users.

Severity
We consider this vulnerability to be critical.

Mitigation factor
To use this vulnerability, phpMyAdmin configuration storage needs to be set up and enabled and bookmarks function needs to be enabled.
>How-To-Repeat:
>Fix:
--- phpmyadmin211.diff begins here --- Index: Makefile =================================================================== RCS file: /home/ncvs/ports/databases/phpmyadmin211/Makefile,v retrieving revision 1.107 diff -u -u -r1.107 Makefile --- Makefile 9 Feb 2011 14:25:31 -0000 1.107 +++ Makefile 11 Feb 2011 20:35:43 -0000 
@@ -6,7 +6,7 @@ # PORTNAME= phpMyAdmin211 -DISTVERSION= 2.11.11.2 +DISTVERSION= 2.11.11.3 CATEGORIES= databases www MASTER_SITES= SF/phpmyadmin/phpMyAdmin/${PORTVERSION} DISTNAME= ${PORTNAME:S/211//}-${DISTVERSION}-all-languages Index: distinfo =================================================================== RCS file: /home/ncvs/ports/databases/phpmyadmin211/distinfo,v retrieving revision 1.86 diff -u -u -r1.86 distinfo --- distinfo 9 Feb 2011 14:25:31 -0000 1.86 +++ distinfo 11 Feb 2011 20:35:43 -0000 @@ -1,2 +1,2 @@ -SHA256 (phpMyAdmin-2.11.11.2-all-languages.tar.bz2) = b7bc6525d61841509ff870c4510977f4dadfdb94507e1e58cb33a19945f87e52 -SIZE (phpMyAdmin-2.11.11.2-all-languages.tar.bz2) = 3119454 +SHA256 (phpMyAdmin-2.11.11.3-all-languages.tar.bz2) = f51773f0db0f94c3e2dae601ae2b61df5c52fc13c6934779d0f2457186a27fbb +SIZE (phpMyAdmin-2.11.11.3-all-languages.tar.bz2) = 3118923 --- phpmyadmin211.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
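Review bot: the DISTVERSION bump in the Makefile hunk is submitted as a security update, yet the patch carries changes to Makefile and distinfo only, so nothing in it records 2.11.11.2 as vulnerable. Suggest a companion security/vuxml entry that cites PMASA-2011-2, so that installations still on 2.11.11.2 are flagged by the ports audit tooling rather than relying on administrators reading this PR.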
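Review bot: the new SHA256 and SIZE lines in the distinfo hunk cannot be validated from the patch alone, and for a security update the tarball is exactly what is being trusted. Before commit, fetch phpMyAdmin-2.11.11.3-all-languages.tar.bz2 from the MASTER_SITES location independently of the submitter, regenerate distinfo with make makesum, and confirm the result matches these two lines and any checksum upstream publishes for the release.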